package demo2.demo2.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@EnableWebSecurity
public class SecurityConfiguration2 extends WebSecurityConfigurerAdapter {

        /**
         * Default security configuration for development environment. This disallows
         * the login.
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Authentication is disabled for development environment
//            http.authorizeRequests().antMatchers("/services/**").permitAll()
//                    .and().csrf().disable();


            //  允许所有用户访问"/"和"/index.html"
            http.authorizeRequests()
                    .antMatchers("/","/services/**","/hello","/myService/**","/login.html").permitAll()
                    .anyRequest().authenticated()   // 其他地址的访问均需验证权限
                   .and()
                    .formLogin()
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginPage("/login")   //  登录页

                    .failureUrl("/login-error.html").permitAll()

                    .successHandler(new AuthenticationSuccessHandler() {
                        @Override
                        public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                            httpServletResponse.setContentType("application/json;charset=utf-8");
                            PrintWriter out = httpServletResponse.getWriter();
//                        ObjectMapper objectMapper = new ObjectMapper();
                            String s = "{\"status\":\"success\",\"msg\":"  + "}";
                            out.write(s);
                            out.flush();
                            out.close();
                        }}
                        )
                    .and()
                    .logout()
                    .logoutSuccessUrl("/login.html")
                    .and().csrf().disable();
                        ;

        }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/css/**");
    }

}
